How to find Personally Identifiable Information (PII) in Google Analytics

June 2, 2020 by Adrian Durow . Analytics

Most Google Analytics user know that capturing Personally Identifiable Information (PII) in Google Analytics is in violation of their terms & conditions, and could prompt Google to remove an account.  So you need to check for things like email address, names, addresses & phone numbers in your GA reports – particularly your page and event reports. Here’s how you can check for it…  

#1 Email addresses

Paste the below into your page reports (Behaviour > Site Content > All pages), and your Event Category, Event Action, Event Label reports. Filter, ‘Matching RegExp’

\b[A-Z0-9._%+-]+@[A-Z0-9.-]+\.[A-Z]{2,}\b

How to find PII in Google Analytics email addresses  

#2 Phone numbers

Use the below filter (‘Matching RegExp’) in those same reports, to look for phone numbers:

(\s*\(?0\d{4}\)?(\s*|-)\d{3}(\s*|-)\d{3}\s*)|(\s*\(?0\d{3}\)?(\s*|-)\d{3}(\s*|-)\d{4}\s*)|(\s*(7|8)(\d{7}|\d{3}(\-|\s{1})\d{4})\s*)

 

#3 First and last names

This is a bit more difficult to filter, as there are millions of names out there. You can use the below filter (‘Matching RegExp’) to look for some of the typical query parameters used:

(fn|ln|lastname|firstname|name|fullname)

 

#4 Addresses

Again, a bit more difficult to filter, but the below uses popular street name suffixes as a start.

(drive|street|road|postcode|way|park|avenue|lane|gardens|square|crescent)

 

If you’ve found some… then what next?

I can’t take the credit for this solution. PII can’t be blocked with a filter on GA’s view settings. As the data is still being collected, and sent to GA… which is still in breach of those terms & conditions. But it can be redacted, like this: Redact PII in Google Analytics email addresses

See instructions from Brian Clifton’s excellent post here

Don’t forget to ensure that customTask is set on every tag sending data into GA.

Latest articles